Phishing is an attempt to acquire sensitive information such as usernames, passwords and credit card details for malicious reasons by masquerading as trustworthy entity in an electronic communications. Phishing emails, for example, may contain links to websites that are expecting users to input their information. Among others, phishing may be carried out by email spoofing or instant messaging, for example, and it often directs users to enter details at a fake website that may look and feel almost identical to the legitimate one. The main distribution vector for phishing websites are different communication messages, such as emails. After a phishing web page is setup, people are typically spammed with messages in order to lure them to visit the phishing web page and enable the attackers to acquire their credentials.
Current security applications are used to prevent web users from visiting malicious uniform resource locators (URLs). This protects user's computer systems from executing malicious or unwanted software and helps avoiding malicious attacks via illegitimate webpages. Also different reputation systems are used by the security applications to evaluate the safety of accessed webpages. However, it is challenging to keep up-to-date with the huge amount of new phishing websites that are established continuously. For example, it is common that trusted banking websites are attacked by phishing attempts. Also geolocation-specific phishing in certain countries where security services may have no visibility at all have become a problem.